With my original question, I meant how can I secure the Web Console (I was able to install a custom SSL certificate for the Router, so now it's the Web Console's turn). I am following the instructions from the documentation [1], but to no avail - Web Console is still picking up the default self-singed certificate by Openshift.
Since I am starting my Openshift cluster using *oc cluster up, *a new directory gets created, namely openshift.local.clusterup/. So what I did I edited the file openshift.local.clusterup/kub-apiserver/master-config.yaml as described in [1]: servingInfo: masterPublicURL: https://dev3.maslick.com:8443 publicURL: https://dev3.maslick.com:8443/console/ bindAddress: 0.0.0.0:8443 bindNetwork: tcp4 certFile: master.server.crt clientCA: ca.crt keyFile: master.server.key maxRequestsInFlight: 1200 namedCertificates: - certFile: dev3-maslick-com.crt clientCA: ca-maslick-com.pem keyFile: key-dev3-maslick-com.pem names: - "dev3.maslick.com" requestTimeoutSeconds: 3600 volumeConfig: dynamicProvisioningEnabled: true It doesn't work though. It doesn't even pick up my certificate. I put the crt, ca and key files into the same folder as master-config.yaml: $HOME/openshift.local.clusterup/kub-apiserver/. Any thoughts? Thanks! [1] https://docs.okd.io/latest/install_config/certificate_customization.html#configuring-custom-certificates Regards, Pavel Maslov, MS On Mon, Feb 25, 2019 at 4:31 PM Pavel Maslov <pavel.masl...@gmail.com> wrote: > Hi, all > > I'm new to the list. Perhaps, smb already asked this question: > > When I start a cluster using *oc cluster up* command, Openshift generates > a self-signed certificate. Is it possible to give it a real certificate? > > Thanks in advance. > > Regards, > Pavel Maslov, MS >
_______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
